String Hashing: Reverse Engineering an Anti-Analysis Control
Common Information
Type Value
UUID 231c4059-ae78-4941-aefb-795737adca72
Fingerprint ac0389be683326cd
Analysis status DONE
Considered CTI value 2
Text language
Published Feb. 15, 2018, 2:32 p.m.
Added to db Jan. 18, 2023, 10:11 p.m.
Last updated Nov. 10, 2024, 1:52 a.m.
Headline String Hashing: Reverse Engineering an Anti-Analysis Control
Title String Hashing: Reverse Engineering an Anti-Analysis Control
Detected Hints/Tags/Attributes 34/1/301
Attributes